PT-2025-6153 · Unknown · 1000 Projects Bookstore Management System
Neo-O · Published 2025-02-11 · Updated 2025-02-28 · CVE-2025-1173
CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
1000 Projects Bookstore Management System version 1.0
Description:
A critical issue has been found in the 1000 Projects Bookstore Management System. It affects an unknown part of the file process users del.php. Manipulating the id argument leads to SQL injection. The attack can be initiated remotely.
Recommendations:
For version 1.0, consider disabling the process users del.php file or restricting access to it until a patch is available. Avoid using the id argument in the affected file to minimize the risk of exploitation.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
1000 Projects Bookstore Management System